Google: YouTubers’ accounts hijacked with cookie-stealing malware
2021-10-20 15:49

Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors.

The threat actors used social engineering and phishing emails to infect YouTube creators with information-stealing malware, chosen based on each attacker's preference.

Malware observed in the attacks includes commodity strains like RedLine, Vidar, Predator The Thief, Nexus stealer, Azorult, Raccoon, Grand Stealer, Vikro Stealer, Masad, and Kantal, and open-source ones such as Sorano and AdamantiumThief.

Once delivered to the targets' systems, the malware was used to steal their credentials and browser cookies, which allowed the attackers to hijack the victims' accounts in pass-the-cookie attacks.
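A defender-side check for the pass-the-cookie pattern described above, as an added example that is not part of the original article or of Google's report: it flags requests that present a session cookie from a network and browser that never authenticated for that session. The event fields, the ASN values (taken from the documentation range) and the log lines are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int        # epoch seconds
    session: str   # hash of the session cookie, never the raw value
    kind: str      # "login" (cookie issued after authentication) or "request"
    asn: int       # origin network of the client IP
    ua: str        # User-Agent header

def find_cookie_replay(events):
    """Return requests whose session cookie arrives from an ASN and a
    User-Agent that were both absent from every login of that session."""
    trusted = {}   # session -> set of (asn, ua) pairs seen at login
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):
        seen = trusted.setdefault(e.session, set())
        if e.kind == "login":
            seen.add((e.asn, e.ua))
            continue
        if not seen:
            # Cookie issued before the log window: no baseline to compare with.
            continue
        asn_known = any(a == e.asn for a, _ in seen)
        ua_known = any(u == e.ua for _, u in seen)
        # A roaming user changes network but keeps the browser; a browser
        # update changes the UA but keeps the network. Both changing with no
        # fresh login is what a replayed, stolen cookie looks like.
        if not asn_known and not ua_known:
            alerts.append(e)
    return alerts

# Constructed sample log, deliberately out of order.
SAMPLE = [
    Event(1000, "s1", "login",   64496, "Chrome/94 Windows"),
    Event(1060, "s1", "request", 64496, "Chrome/94 Windows"),
    Event(2000, "s1", "request", 64511, "Chrome/93 Linux"),    # new network and browser
    Event(1500, "s1", "request", 64497, "Chrome/94 Windows"),  # same browser, other network
    Event(1200, "s2", "login",   64500, "Firefox/93 Linux"),
    Event(1300, "s2", "request", 64500, "Firefox/93 Linux"),
]

if __name__ == "__main__":
    for hit in find_cookie_replay(SAMPLE):
        print(f"possible cookie replay: session={hit.session} ts={hit.ts} asn={hit.asn} ua={hit.ua}")
```

Because a stolen cookie skips the login step entirely, the signal is the absence of an authentication event from the new client, which is why the check keys on logins rather than on password or MFA failures.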

Google identified at least 1,011 domains linked to these attacks and roughly 15,000 actor accounts created specifically for this campaign. The accounts were used to deliver phishing emails to YouTube creators' business emails, with links that redirected to malware landing pages.

A significant number of YouTube channels hijacked in these attacks were later rebranded to impersonate high-profile tech executives or cryptocurrency exchange firms and used for live streaming cryptocurrency scams.


News URL

https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/